ofbiz-user mailing list archives

From "Milind W" <mailingl...@mymunshi.com>
Subject Re: how to set security and permissions precedence
Date Mon, 04 Aug 2008 06:07:01 GMT
I changed my controller to conform with the example controller.xml.
Now it does attempt to send me to the login screen but I get the following
error.

org.ofbiz.widget.screen.ScreenRenderException: Error rendering screen
[component://common/widget/CommonScreens.xml#login]:
java.lang.IllegalArgumentException: Could not find screen with name
[main-decorator] in the same file as the screen with name [login] (Could
not find screen with name [main-decorator] in the same file as the screen
with name [login])

Help!
> your controller does not conform to the current svn controllers.
> please review them.
>
>
> Milind W sent the following on 8/3/2008 5:35 PM:
>> I got the updated files.
>> Did ant clean and then a new build.
>> I still see the SAME behavior described in my previous email.
>> I am attaching my controller.xml
>>
>>> here is the fix
>>> http://svn.apache.org/viewvc?rev=682228&view=rev
>>>
>>> Milind W sent the following on 8/3/2008 4:27 PM:
>>>> Just tried "ant clean" it made no difference.
>>>> I can proceed to main without being redirected to login with
>>>> rev#679258.
>>>>
>>>>
>>>> Relevant log for rev#679258
>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:433:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [RequestHandler.java:584:INFO ] servletName=control, view=main sessionId=B2364C2D58837E9163B9B9214E2228FA.jvm1
>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: apache tomcat/6.0.16
>>>> 2008-08-03 16:15:04,515 (http-0.0.0.0-8080-1) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream
>>>>
>>>> and with rev#677863
>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:236:INFO ] [Processing Request]: main sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:262:INFO ] reqParams Map: []
>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:263:INFO ] queryString:
>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:273:INFO ] checkLogin: queryString=
>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ LoginWorker.java:274:INFO ] checkLogin: PathInfo=/main
>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:425:INFO ] [RequestHandler.doRequest]: Response is a view. sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ RequestHandler.java:578:INFO ] servletName=control, view=login sessionId=72EE22303A9A4DCDB76F64EE41F963DA.jvm1
>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:69 :INFO ] serverInfo: Apache Tomcat/5.5.20
>>>> 2008-08-03 18:11:55,343 (http-0.0.0.0-8080-Processor4) [ UtilJ2eeCompat.java:78 :INFO ] Apache Tomcat detected, using response.getWriter to write text out instead of response.getOutputStream
>>>>
>>>> The loginworker seems to be invoked with rev#677863 and not with
>>>> rev#679258.
>>>> Any Idea?
>>>>
>>>>> Did you try an "ant clean" ? There have been some changes recently
>>>>> that imply this cleanup.
>>>>>
>>>>> Jacques
>>>>>
>>>>> From: "Milind W" <mailinglist@mymunshi.com>
>>>>>> Looks like I have a problem making this example work with
>>>>>> revision#679258
>>>>>>
>>>>>> It worked fine (i.e. I was redirected to login screen before I could
>>>>>> get to main) with rev#677863
>>>>>>
>>>>>> Looks like the view
>>>>>> <view-map name="login" type="screen"
>>>>>> page="component://marketing/widget/CommonScreens.xml#login" />
>>>>>> is part of the problem. The CommonScreens.xml has moved and does no
>>>>>> longer seem to have the 'login' screen.
>>>>>>
>>>>>> I tried finding another screen with the 'login' view. I found
>>>>>> another one in the 'common' component and modified my hello
>>>>>> controller to point to
>>>>>> <view-map name="login" type="screen"
>>>>>> page="component://common/widget/CommonScreens.xml#login"/>
>>>>>> but it is not acting the same as previously.
>>>>>>
>>>>>> Please let me know what is missing (or any suggestion how best to
>>>>>> illustrate login) so I can complete and contribute my tutorial for
>>>>>> security. Would hate to create a tutorial that worked with one
>>>>>> specific build.
>>>>>>
>>>>>> http://ofbiz.markmail.org/search/?q=Milind+W#query:Milind%20W+page:2+mid:kwgcnrsxjigfilp2+state:results
>>>>>>
>>>>>> Thanks
>>>>>> -Milind
>>>>>>
>>>>>>> hi,
>>>>>>> I got login to work by adding the changes below to my controller
>>>>>>> using ofbiz4.0.
>>>>>>> I don't think I follow the reason with OFBTOOLS base permission
>>>>>>> not taking effect in the ofbiz-component as explained in OFBIZ-829.
>>>>>>> But I agree with Si Chen on OFBIZ-829
>>>>>>> "The right way is to assume no permission until one of the list of
>>>>>>> permissions is met." Seems more intuitive.
>>>>>>> For now I can workaround it so thanks all.
>>>>>>> -Milind
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> <preprocessor>
>>>>>>>     <!-- Events to run on every request before security (chains exempt) -->
>>>>>>>     <!-- <event type="java" path="org.ofbiz.webapp.event.TestEvent" invoke="test"/> -->
>>>>>>>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkExternalLoginKey"/>
>>>>>>> </preprocessor>
>>>>>>>
>>>>>>> <!-- Request Mappings -->
>>>>>>>
>>>>>>> <request-map uri="checkLogin" edit="false">
>>>>>>>     <description>Verify a user is logged in.</description>
>>>>>>>     <security https="false" auth="false"/>
>>>>>>>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin" />
>>>>>>>     <response name="success" type="view" value="main" />
>>>>>>>     <response name="error" type="view" value="login" />
>>>>>>> </request-map>
>>>>>>>
>>>>>>> <request-map uri="login">
>>>>>>>     <security https="false" auth="false"/>
>>>>>>>     <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/>
>>>>>>>     <response name="success" type="view" value="main"/>
>>>>>>>     <response name="error" type="view" value="login"/>
>>>>>>> </request-map>
>>>>>>>
>>>>>>> <request-map uri="main">
>>>>>>>     <security https="false" auth="true" />
>>>>>>>     <response name="success" type="view" value="main"/>
>>>>>>> </request-map>
>>>>>>>
>>>>>>> <view-map name="login" type="screen"
>>>>>>>     page="component://marketing/widget/CommonScreens.xml#login" />
>>>>>>>
>>>>>>>
>>>>>>>> Not with a direct link to the comment where is the explanation ;p
>>>>>>>> Actually it was more a didactic post
>>>>>>>>
>>>>>>>> Jacques
>>>>>>>>
>>>>>>>> From: "BJ Freeman" <bjfree@free-man.net>
>>>>>>>>> LOL
>>>>>>>>> that was the first link I sent on this thread.
>>>>>>>>>
>>>>>>>>> Jacques Le Roux sent the following on 7/30/2008 2:18 PM:
>>>>>>>>>> OFBiz Wiki is your friend. Just look for OFBTOOLS.
>>>>>>>>>>
>>>>>>>>>> You would have got
>>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security?focusedCommentId=3615#comment-3615
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Jacques
>>>>>>>>>>
>>>>>>>>>> ----- Original Message -----
>>>>>>>>>> From: "Milind W" <mailinglist@mymunshi.com>
>>>>>>>>>> To: <user@ofbiz.apache.org>
>>>>>>>>>> Sent: Wednesday, July 30, 2008 8:31 PM
>>>>>>>>>> Subject: Re: how to set security and permissions precedence
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> Let me try to break up questions.
>>>>>>>>>>> Shouldn't adding
>>>>>>>>>>> base-permission="OFBTOOLS"
>>>>>>>>>>> to the ofbiz-entity.xml force the user to login with a user id
>>>>>>>>>>> that is associated to the OFBTOOLS security group?
>>>>>>>>>>> I can see the application I created and the line seems to have
>>>>>>>>>>> no effect.
>>>>>>>>>>> What is the purpose of the line?
>>>>>>>>>>> Thanks
>>>>>>>>>>> -Milind
>>>>>>>>>>>
>>>>>>>>>>>> Please note that opentaps is not at the same level of revision
>>>>>>>>>>>> that ofbiz it
>>>>>>>>>>>> there have been changes to security.
>>>>>>>>>>>> there are examples in the
>>>>>>>>>>>> framework/example
>>>>>>>>>>>> and
>>>>>>>>>>>> framework/exampleext
>>>>>>>>>>>> I believe this to be a better tutorial
>>>>>>>>>>>> since they work already.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Balaji Sundar sent the following on 7/29/2008 9:40 PM:
>>>>>>>>>>>>> BJ Freeman wrote:
>>>>>>>>>>>>>> http://docs.ofbiz.org/display/OFBTECH/OFBiz+security
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Milind W sent the following on 7/29/2008 7:58 PM:
>>>>>>>>>>>>>>> hi,
>>>>>>>>>>>>>>> Security Permissions
>>>>>>>>>>>>>>> I am using ofbiz rev.79258
>>>>>>>>>>>>>>> I want to understand how security works so I made the
>>>>>>>>>>>>>>> following modifications to hello1
>>>>>>>>>>>>>>> 1)I added base-permission="OFBTOOLS" to the
>>>>>>>>>>>>>>> ofbiz-component.xml
>>>>>>>>>>>>>>> I could still see the application. I was assuming the
>>>>>>>>>>>>>>> application would ask me to login or prevent me from
>>>>>>>>>>>>>>> seeing the page.
>>>>>>>>>>>>>>> 2)I added <security> to the main request
>>>>>>>>>>>>>>> <request-map uri="main">
>>>>>>>>>>>>>>> <security https="false" auth="true"/>
>>>>>>>>>>>>>>> <response name="success" type="view" value="main"/>
>>>>>>>>>>>>>>> </request-map>
>>>>>>>>>>>>>>> This displays "java.lang.NullPointerException" in the
>>>>>>>>>>>>>>> browser.
>>>>>>>>>>>>>>> How do permissions precedence work starting from the UI to
>>>>>>>>>>>>>>> the entity layer.
>>>>>>>>>>>>>>> Help appreciated.
>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>> -Milind
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Here is the log
>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestHandler.java:243:INFO ] [Processing Request]: main sessionId=6E6BB45A4B5AB75A10A9B9404FA622A5.jvm1
>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:159:WARN ] [RequestManager.getEventType] Type of event for request "checkLogin" not found
>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:146:WARN ] [RequestManager.getEventPath] Path of event for request "checkLogin" not found
>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ RequestManager.java:172:WARN ] [RequestManager.getEventMethod] Method of event for request "checkLogin" not found
>>>>>>>>>>>>>>> 2008-07-29 19:07:17,031 (http-0.0.0.0-8080-1) [ ControlServlet.java:205:ERROR]
>>>>>>>>>>>>>>> ---- runtime exception report --------------------------------------------------
>>>>>>>>>>>>>>> Error in request handler:
>>>>>>>>>>>>>>> Exception: java.lang.NullPointerException
>>>>>>>>>>>>>>> Message: null
>>>>>>>>>>>>>>> ---- stack trace ---------------------------------------------------------------
>>>>>>>>>>>>>>> java.lang.NullPointerException
>>>>>>>>>>>>>>> javolution.util.FastMap.getEntry(Unknown Source)
>>>>>>>>>>>>>>> javolution.util.FastMap.containsKey(Unknown Source)
>>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestManager.getHandlerClass(RequestManager.java:78)
>>>>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.loadEventHandler(EventFactory.java:102)
>>>>>>>>>>>>>>> org.ofbiz.webapp.event.EventFactory.getEventHandler(EventFactory.java:86)
>>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:453)
>>>>>>>>>>>>>>> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:259)
>>>>>>>>>>>>>>> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:198)
>>>>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>>>>>>>>>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>>>>>>>>>>>>> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:255)
>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>>>>>>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>>>>>>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>>>>>>>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>>>>>>>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>>>>>>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>>>>>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>>>>>>>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568)
>>>>>>>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>>>>>>>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>>>>>>>>>>>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>>>>>>>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>>>>>>>>>>>>> java.lang.Thread.run(Thread.java:595)
>>>>>>>>>>>>>>> --------------------------------------------------------------------------------
>>>>>>>>>>>>>>>
>>>>>>>>>>>>> http://www.opensourcestrategies.com/ofbiz/security.php
>


